Business loses $18k in email intercept scam

Nuklear Limited was in discussions with a supplier when a third party hijacked the email conversation.

New Zealand companies are being warned of a new business to business email intercept scam after one Auckland business was defrauded of more than $18,000 in their payment for supplies to a South Korean company.

Michelle Millington, manager of Nuklear Limited, said fraudsters intercepted email correspondence between her company and its Korean suppliers and changed the banking instructions on the invoice.

An invoice for US$15,250 sent from the email address of the Korean-based supplier last month advised that payment should be made to a London-based bank instead of the usual Korean bank account.

"We have been dealing with the supplier mainly via email and we have no reason to believe that this instruction isn't genuine," said Millington, whose company manufactures mirror demisters.

"When the suppliers contacted us to say they did not receive the money when our goods were ready for dispatch, we realised we had been scammed."

Netsafe told Millington it was the fourth time the cyber security organisation had been made aware of hacked supplier communications from people dealing with overseas companies.

Chris Hails, cyber security manager said advised Millington to contact the bank for assistance to trace, restore and revoke the payment, and also make a police report.

"But given the cross-border nature and involvement of tecnology, it can be hard to get anything resolved," Hails said.

"We would recommend a full security audit of systems and email accounts to ensure no one retains access on your end."

The Ministry of Business, Innovation and Employment said it was aware of scams involving scammers intercepting business to business emails.

However, it did not have records on how much money have been lost to such scams as its consumer affairs arm did not collect comprehensive statistics on scams.

"We recommend anyone looking to make purchases online does research into the company they are purchasing from," a ministry spokeswoman said.

"People should become suspicious if their supplier's details change, such as bank account details and they should contact the company directly to confirm any changes."

The ministry runs an online information service, called Scamwatch, aimed at educating people on how to avoid being scammed and what to do if they were victims.

Kenny Jeong, New Zealand representative of Korea's Small and Medium Business Administration, said the email intercept scam was not unique to just people dealing with businesses in South Korea.

"I had a similar experience with an Australian buyer two months ago after my email was attacked by a scammer and bank account details changed," said Jeong.

"The Korean company shouldn't be blamed here, but the lesson is that people have to take extra care when dealing with anyone overseas."

Jeong advised that email passwords should be changed at least once a month as a precaution.